Certification : Get AWS Certified Solutions Architect in 1 Day (2018 Update) Set 5

An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance’s security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?


Options are :

  • The outbound security group needs to be modified to allow outbound traffic.
  • The outbound network ACL needs to be modified to allow outbound traffic. (Correct)
  • Nothing, it can be accessed from any IP address using SSH.
  • Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic.

Answer : The outbound network ACL needs to be modified to allow outbound traffic.

A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on-premises network with VPC-1. Which two methods increase the fault tolerance of the connection to VPC-1? (Choose two.)


Options are :

  • Establish a hardware VPN over the internet between VPC-2 and the on-premises network.
  • Establish a hardware VPN over the internet between VPC-1 and the on-premises network. (Correct)
  • Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2.
  • Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1.
  • Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1 (Correct)

Answer : Establish a hardware VPN over the internet between VPC-1 and the on-premises network. Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1

A Solutions Architect is designing a solution to store and archive corporate documents and has determined that Amazon Glacier is the right solution. Data must be delivered within 10 minutes of a retrieval request. Which feature in Amazon Glacier can help meet this requirement?


Options are :

  • Vault Lock
  • Expedited retrieval (Correct)
  • Bulk retrieval
  • Standard retrieval

Answer : Expedited retrieval

Does S3 provide read-after-write consistency for new objects? Choose the correct answer from the options below


Options are :

  • Yes, for all regions (Correct)
  • No, not for any region
  • Yes, but only for certain regions and for new objects
  • Yes, but only for certain regions, not the us-standard region

Answer : Yes, for all regions

An application is currently hosted on an EC2 instance which has attached EBS volumes. The data on these volumes is frequently accessed, but after a week the documents need to be moved to infrequent access storage. Which of the following would be the ideal EBS volume type to use?


Options are :

  • EBS Provisioned IOPS SSD
  • EBS Throughput Optimized HDD
  • EBS General Purpose SSD
  • EBS Cold HDD (Correct)

Answer : EBS Cold HDD

You are a consultant tasked with migrating an on-premises application architecture to AWS. During your design process you have to give consideration to current on-premises security and determine which security attributes you are responsible for on AWS. Which of the following does AWS provide for you as part of the shared responsibility model? Choose the correct answer from the options given below.


Options are :

  • Customer Data
  • Physical network infrastructure (Correct)
  • Instance security
  • User access to the AWS environment

Answer : Physical network infrastructure

There is an urgent requirement to monitor some database metrics for a database hosted on AWS and send notifications. Which AWS services can accomplish this? Choose 2 answers from the options given below.


Options are :

  • Amazon Simple Email Service
  • Amazon CloudWatch (Correct)
  • Amazon Simple Queue Service
  • Amazon Route 53
  • Amazon Simple Notification Service (Correct)

Answer : Amazon CloudWatch; Amazon Simple Notification Service

Resources created in AWS are identified by a unique identifier known as which of the options given below?


Options are :

  • Amazon Resource Number
  • Amazon Resource Nametag
  • Amazon Resource Name (Correct)
  • Amazon Resource Namespace

Answer : Amazon Resource Name

You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?


Options are :

  • Spot Instances (Correct)
  • Reserved instances
  • Dedicated instances
  • On-Demand instances

Answer : Spot Instances

Your company's VPC needs to communicate with another company's VPC within the same AWS region. What can be used from AWS to interface between the two VPCs?


Options are :

  • VPC Connection
  • VPN Connection
  • Direct Connect
  • VPC Peering (Correct)

Answer : VPC Peering

You have a web application hosted in AWS on EC2 instances. The application provides newspaper content to users around the world. Of late, the load on the web application has increased, which in turn is increasing the application's response time for end users. Which of the below services can be used to alleviate this problem? Choose 2 answers from the options given below.


Options are :

  • Use CloudFront and use the web application as the origin (Correct)
  • Use AWS Storage gateways to distribute the content across multiple storage devices for better read throughput.
  • Use ElastiCache behind the web application. (Correct)
  • Consider using SQS to process some of the user requests

Answer : Use CloudFront and use the web application as the origin; Use ElastiCache behind the web application.

A retailer exports data from its transactional databases daily into an S3 bucket. The retailer's data warehousing team wants to import that data into an existing Amazon Redshift cluster in their VPC. Corporate security policy mandates that the data can only be transported within a VPC. What combination of the following steps will satisfy the security policy? Choose 2 answers from the options given below


Options are :

  • Enable Amazon Redshift Enhanced VPC routing
  • Create a cluster security group to allow the Amazon Redshift cluster to access Amazon S3
  • Create a NAT gateway in a public subnet to allow the Amazon Redshift cluster to access Amazon S3. (Correct)
  • Create and configure an Amazon S3 VPC endpoint. (Correct)
  • Set up a NAT gateway in a private subnet to allow the Amazon Redshift cluster to access Amazon S3

Answer : Create a NAT gateway in a public subnet to allow the Amazon Redshift cluster to access Amazon S3. Create and configure an Amazon S3 VPC endpoint.

In AWS, what is used to encrypt and decrypt login information for EC2 instances?


Options are :

  • Templates
  • AMIs
  • Key pairs (Correct)
  • None

Answer : Key pairs

Which is the service provided by AWS for providing a petabyte-scale data warehouse?


Options are :

  • Amazon DynamoDB
  • Amazon Redshift (Correct)
  • Amazon Kinesis
  • Amazon Simple Queue Service

Answer : Amazon Redshift

Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? Choose two answers from the options given below


Options are :

  • Supported on all Amazon EBS volume types (Correct)
  • Snapshots are automatically encrypted (Correct)
  • Available to all instance types
  • Existing volumes can be encrypted
  • Shared volumes can be encrypted

Answer : Supported on all Amazon EBS volume types; Snapshots are automatically encrypted

You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? Choose 2 answers


Options are :

  • Set permissions on the object to public read during upload. (Correct)
  • Configure the bucket ACL to set all objects to public read.
  • Configure the bucket policy to set all objects to public read. (Correct)
  • Use AWS Identity and Access Management roles to set the bucket to public read.
  • Amazon S3 objects default to public read, so no action is needed.

Answer : Set permissions on the object to public read during upload. Configure the bucket policy to set all objects to public read.

You currently have an EC2 instance hosting a web application. The number of users is expected to increase in the coming months, so you need to add more elasticity to your setup. Which of the following methods can help add elasticity to your existing setup? Choose 2 answers from the options given below.


Options are :

  • Set up your web app on more EC2 instances and set them behind an Elastic Load Balancer (Correct)
  • Set up an ElastiCache in front of the EC2 instance.
  • Set up your web app on more EC2 instances and use Route 53 to route requests accordingly. (Correct)
  • Set up DynamoDB behind your EC2 instances

Answer : Set up your web app on more EC2 instances and set them behind an Elastic Load Balancer; Set up your web app on more EC2 instances and use Route 53 to route requests accordingly.

You work for a company that is deploying a hybrid cloud approach. Their legacy servers will remain on premises within their own data center; however, they will need to communicate with the AWS environment over a site-to-site VPN connection. What do you need to do to establish the VPN connection?


Options are :

  • Connect to the environment using AWS Direct Connect.
  • Assign a static routable address to the customer gateway (Correct)
  • Create a dedicated NAT and deploy this to the public subnet.
  • Update your route table to add a route for the NAT to 0.0.0.0/0.

Answer : Assign a static routable address to the customer gateway

A customer is planning on hosting an AWS RDS instance. They need to ensure that the underlying data is encrypted. How can this be achieved? Choose 2 answers from the options given below.


Options are :

  • Ensure the right instance class is chosen for the underlying Instance (Correct)
  • Choose only General Purpose SSD since only this volume type supports encryption of data
  • Encrypt the database during creation (Correct)
  • Enable encryption of the underlying EBS Volume

Answer : Ensure the right instance class is chosen for the underlying Instance; Encrypt the database during creation

Your company has a requirement to host a static web site in AWS. Which of the following steps would help implement a quick and cost-effective solution for this requirement? Choose 2 answers from the options given below. Each answer forms part of the solution.


Options are :

  • Upload the static content to an S3 bucket (Correct)
  • Create an EC2 Instance and install a web server
  • Enable web site hosting for the S3 bucket (Correct)
  • Upload the code to the web server on the EC2 instance

Answer : Upload the static content to an S3 bucket; Enable web site hosting for the S3 bucket

Which of the below are incremental backups of your EBS volumes? Choose one answer from the options given below.


Options are :

  • Volumes
  • State Manager
  • Placement Groups
  • Snapshots (Correct)

Answer : Snapshots

A company wants to implement a hybrid architecture in which it connects the VPCs in its account to its on-premises architecture. Which of the following can be used to create a secure private connection between the company's on-premises architecture and the VPCs hosted in AWS?


Options are :

  • AWS Direct Connect + VPN (Correct)
  • Route53
  • ClassicLink
  • AWS Direct Link

Answer : AWS Direct Connect + VPN

You are planning to create a VPC from scratch and launch EC2 instances in the subnet. What should be done to ensure that one can access the EC2 instance from the Internet?


Options are :

  • Attach an Internet gateway to the VPC and add a route for 0.0.0.0/0 to the Route table (Correct)
  • Attach a NAT gateway to the VPC and add a route for 0.0.0.0/0 to the Route table
  • Attach a NAT gateway to the VPC and add a route for 0.0.0.0/32 to the Route table
  • Attach an Internet gateway to the VPC and add a route for 0.0.0.0/32 to the Route table

Answer : Attach an Internet gateway to the VPC and add a route for 0.0.0.0/0 to the Route table

You are building an automated transcription service in which Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable?


Options are :

  • Multiple Amazon EBS volumes with snapshots
  • A single Amazon Glacier vault
  • A single Amazon S3 bucket (Correct)
  • Multiple instance stores

Answer : A single Amazon S3 bucket

An Auto-Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance by default, Auto Scaling will: Choose 2 answers.


Options are :

  • Allow at least five minutes for Windows/Linux shutdown scripts to complete, before terminating the instance.
  • Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected.
  • Send a SNS notification, if configured to do so. (Correct)
  • Terminate an instance in the AZ which currently has 2 running EC2 instances. (Correct)
  • Randomly select one of the 3 AZs, and then terminate an instance in that AZ.

Answer : Send a SNS notification, if configured to do so. Terminate an instance in the AZ which currently has 2 running EC2 instances.

A database hosted in AWS is currently receiving a high volume of write operations and is not able to handle the load. What can be done to the architecture to ensure that the write operations are not lost under any circumstance?


Options are :

  • Add more IOPS to the existing EBS volume used by the database
  • Consider using DynamoDB instead of AWS RDS
  • Use SQS queues to queue the database writes (Correct)
  • Use SNS to send notification on missed database writes and then add them manually at a later stage.

Answer : Use SQS queues to queue the database writes

An application consists of a couple of EC2 instances. One EC2 instance hosts a web application and the other instance hosts the database server. Which of the following changes can be made to ensure high availability of the database layer?


Options are :

  • Enable Read Replicas for the database
  • Enable Multi-AZ for the database
  • Have another EC2 Instance in the same availability zone with replication configured
  • Have another EC2 Instance in another availability zone with replication configured (Correct)

Answer : Have another EC2 Instance in another availability zone with replication configured

What does the following command do with respect to the Amazon EC2 security groups? revoke-security-group-ingress


Options are :

  • Removes one or more security groups from a rule.
  • Removes one or more security groups from an Amazon EC2 instance.
  • Removes one or more rules from a security group. (Correct)

Answer : Removes one or more rules from a security group.

When working with API Gateway in AWS, what type of endpoints are exposed?


Options are :

  • HTTP
  • HTTPS (Correct)
  • JSON
  • XML

Answer : HTTPS

Which of the following features can be used to move objects from S3 Standard storage to Amazon Glacier?


Options are :

  • S3 Events
  • Object Versioning
  • Storage Class
  • Lifecycle policies (Correct)

Answer : Lifecycle policies